Why Does Having a Portfolio of Secure Destruction Matter?

When your IT equipment reaches end of life or retirement, what’s the next step in electronic data destruction? How do you protect your customer data or your own data so it doesn’t fall into the wrong hands?

Sipi Asset Recovery is the only ITAD company with the complete portfolio of all four methods of secure data destruction. John McLeod, VP of Sales & Marketing and Eric Dorn, Senior Vice President & General Manager of Sipi Asset Recovery explain the importance of having a trusted partner portfolio of secure destruction.

Q: What is secure data wiping?A: At its most basic level, secure data wiping is using software to overwrite the existing data with 0s and 1s. Drives can be overwritten one or many times and are often completed with a random pattern and a verification pass.

Q: Which asset disposition issue does this address?A: Secure data wiping addresses three main issues: 1) it retains the most value when compared to the other three methods of destruction, 2) it doesn’t require complex technology or implementation and 3) it doesn’t contribute to any environmental concerns associated with other methods.

Q: What are the missing elements or concerns with this method?A: The potential risks of this method would be to ensure the process is done properly and effectively. Although, not all drives will complete the wiping process successfully. Wipe failures must have a subsequent destruction method used to assure proper sanitization occurs. At least one additional method will be needed to complete a full wiping process. It is not possible to visually distinguish between a wiped and unwiped drive, so a robust tracking and inventory management system is recommended.

Q: When and why would an enterprise use Method 1?A: Depending on the risk posture of the assets, secure data wiping may be a sufficient method. This method allows you to recover value from the asset as the other three methods do not.

Q: What does drive shredding and crushing entail?A: Drive shredding and crushing is the physical destruction of a data-bearing asset via industrial sized shredders, manual/leverage crushers or automatic crushers.

Q: Which asset disposition issue does this address?A: After properly crushing or shredding an asset, retrieving any data from the device is extremely difficult. Shredded/crushed drives are easily distinguished from non-destroyed drives.

Q: What are the missing elements or concerns with this method?A: Unless either data wiping or degaussing has been competed prior to shred/crushing, data still resides on the shredded or crushed pieces of the asset. This method makes obtaining the data very difficult, but it can still be accessed if technology, resources and time are not limiting factors. Both shredding and crushing will produce particulate and dust, which will need to be addressed both during and after the destruction process. Any shredding or crushing solution will require a properly vetted downstream recycler.

Q: When and why would an enterprise use Method 2?A: Depending on the risk profile, an extra level of security can be helpful to further protect secure data or if a data-bearing asset cannot be wiped or degaussed. When destroying larger density drives such as HAMRs and MAMRs, the process often requires excessive amounts of time. Therefore, crushing and shredding these assets can save both time and money.

Q: Can you explain the process of degaussing?A: Degaussing uses a magnetic charge to scramble the zeroes and ones of a data-bearing asset which both scrambles the resident data and renders the device unusable.

Q: Which asset disposition issue does this address?A: Degaussing is a cost-effective and rapid solution to use when destroying data-bearing assets. Although, hard drives that are degaussed cannot be re-used.

Q: What are the missing elements or concerns with this method?A: Degaussing is ineffective and not a recorded method for certain data-bearing assets such as SSD and new technologies (HAMR and MAMR drives). In addition, you can’t physically tell if the data is completely wiped, supplemental methods of destruction may be necessary.

Q: When and why would an enterprise use Method 3?A: The degaussing process is fast - you can degauss a drive in a matter of seconds. This method also eliminates many environmental impacts. Degaussing can be a fast sufficient data destruction method in many environments, especially those with a minimal amount of SSD or HAMR/MAMR devices.

Q: What is Sipi FIREMELT™?A: The Sipi FIREMELT™ process liquefies data-bearing components into an unusable, molten form, which guarantees data to be unrecoverable. The molten liquid is then poured into ingots for use in subsequent metal recycling processes.

Q: Which asset disposition issue does this address?A: Sipi FIREMELT™ is the only data destruction method which guarantees that all components of the storage device, including the data contained within it, are destroyed. In addition, this method stays ahead of any technology concern with sanitization of next-gen technology such as SSD, HAMR, MAMR, etc.

Q: What are the missing elements or concerns with this method?A: Ultimate destruction using FIREMELT™ cannot be achieved onsite. So depending upon your risk profile and policy, transportation and security could pose a potential concern. However, Sipi’s ability to transport materials via a TAPA certified carrier network and processing in our TAPA certified facility can help mitigate this risk. Sipi recommends and needs assessment to determine if methods 1, 2 or 3 should be utilized prior to transport. With security and transparency as top objectives, we ensure that every step in the ITAD process is tracked and documented according to each client’s standards.

Q: When and why would an enterprise use Method 4?A: When you need 100% certainty your data has been absolutely destroyed. When information is deemed to have a high-risk posture, FIREMELT™ is the most appropriate method.

Q: Why and when would business leaders benefit from all four methods of secure destruction?A: Sipi offers a portfolio of choice that is flexible and adaptable. We recognize that certain companies may only require secure data wiping for a certain subset of assets. But if you desire to achieve ultimate destruction, Sipi is the only partner providing a robust portfolio of secure destruction services.

Q: Why does data security matter?A: Brand reputation is everything. Given the potential risks that data security and data governance pose to a company, it is vital that businesses seek out a trusted partner that will equip them to face the security challenges of today and tomorrow. Sipi is ready to jointly develop the best program with you that meets your risk profile, corporate requirements and business strategies.